Weekly Fintech Focus
- The Federal Reserve seeks comment on new guidelines for Fed Regional Banks to consider when deciding whether to extend Fed membership or services to nontraditionally chartered entities.
- California DFPI enters a settlement with a fintech company to stop the use of the word “bank” in its name, website URL, and advertising, and requires clear disclosure of the fintech’s bank partnership.
Federal Reserve Seeks Comments on Guidelines for Fintechs Receiving Fed Accounts and Services
The Federal Reserve System (the Fed) issued a request for comment on new guidelines for the Fed’s Regional Banks to use when considering granting access for fintech companies with banking charters to access Fed services (the Account Access Guidelines). Numerous fintech companies have pursued or are pursuing narrow charters with state banking regulators (e.g., industrial loan companies) or the Office of the Comptroller of the Currency (e.g., certain national trust charters or the proposed fintech charter).
The guidance sets out six principles that the Fed’s Regional Banks should consider when deciding to grant a fintech company access to services. In the press release, Fed Governor Lael Brainard stated that “[w]ith technology driving rapid change in the payments landscape, the proposed Account Access Guidelines would ensure requests for access to the Federal Reserve payments system from novel institutions are evaluated in a consistent and transparent manner that promotes a safe, efficient, inclusive, and innovative payment system, consumer protection, and the safety and soundness of the banking system.” The Fed maintains that broad policies and objectives for the banking system and decisions by any of the Regional Banks could impact the Fed system as a whole. Due to the recent uptick in requests from nontraditionally chartered banks for access to Fed membership and services, the Fed seeks comment on the following principles:
- Only institutions that are legally eligible for Fed membership and services may receive such membership and services from the Fed. This means that, unless otherwise provided by statute, the entity must be a Fed member bank or meet the definition of a depository institution under section 19(b) of the Federal Reserve Act. Eligibility will also be evaluated with consideration of the applicable laws and regulations such as UCC Article 4A and the Electronic Fund Transfer Act, and whether the institution’s services impede compliance with U.S. sanctions, the BSA, or other consumer protection laws.
- Providing an account and services to an institution should not present or create undue credit, operational, settlement, cyber, or other risks to the Fed. The Fed Regional Bank should incorporate the institution’s state and federal regulator assessments into the institution’s risk profile, and the institution’s risk management framework should clearly identify and address the risks the institution’s operations face. At a minimum, the institution’s operational risk framework should identify the institution’s operational risks (e.g., cyber vulnerability, operational failure, resiliency of service providers), establish sound governance arrangements, establish clear and appropriate rules for carrying out risk management objectives, employ resources necessary to achieve risk management objectives, and support compliance with electronic access requirements (with reference to Fed Operating Circular 5).
- Providing an account or services should not present or create undue, credit, liquidity, operational, settlement, cyber or other risks to the overall payment system. The institution should have an effective risk management framework and governance arrangement to limit the impact of outages, stressors, and disruptions. The Fed Regional Bank should identify actual and potential interactions between the institution’s use of the Fed account and services and other parts of the payment system.
- Providing an account and services to an institution should not create undue risk to the stability of the U.S. financial system. As part of its review, the Regional Bank should assess the institution’s risk profile and determine, in coordination with other Regional Banks and the Fed Board, whether access to an account or services by an institution itself or a group of like institutions could introduce financial stability risk to the U.S. financial system.
- Providing an account and services to an institution should not create undue risk to the overall economy by facilitating activities such as money laundering, terrorism financing, fraud, cybercrimes, or other illicit activity. The Regional Bank should ensure that the institution has in place adequate AML and OFAC programs.
- Providing an account and services to an institution should not adversely affect the Fed’s ability to implement monetary policy.
California DFPI Limits the Use of “Bank” by a Fintech Company
Fintech companies provide software and technology integrations, often in partnership with banks, to offer financial and banking services to consumers. These fintech companies have flooded the marketplace over the past few years, with new focuses on reaching underbanked customers or tailoring financial services for certain communities. From customers’ perspectives, they are getting the services a bank would provide, but packaged in a way that makes such services more accessible and understandable. While customers may view the fintech company as a bank, fintech companies are generally not chartered banks themselves. In many states, the bank regulator closely guards the use of the word “bank” in company names or advertising to ensure that consumers are not misled about whether they are transacting with a chartered bank.
Recently, the California Department of Financial Protection and Innovation (DFPI) entered into a settlement agreement with a fintech company related to the fintech’s use of the words “bank” and “banking” in its name, website, and marketing. The fintech had used the word “bank” in its website URL and in descriptions of its services. Under the settlement agreement, the fintech must cease using the word “bank” in its website URL and “distance itself” from using the term “banking” and derivatives across its website, mobile app, and advertising. The DFPI directed that the fintech do the following:
- Where “banking” terminology is used, the fintech must clearly and conspicuously disclose stating that the fintech is not a bank and that the banking services are provided by its bank partner.
- In testimonials that the fintech posts, it must review to correct for instances where the testimonial may be perceived as the fintech being a chartered bank.
- Website language must be revised so it is clear that customers may go through the fintech to open an account at a bank partner rather than the account being a fintech account.
- In its advertising, such as paid Google search results, the fintech must place a statement that the banking services are provided by its bank partner and identify that bank partner by name.
- In its FAQs, the fintech should clearly explain that bank accounts are held at its bank partner and identify that bank partner by name.
- A clear and prominent disclaimer must be provided during the account set up process to inform the consumer that the fintech is a financial technology company—not a bank—and that the banking services are provided by bank partners.